Lucene search
K

17406 matches found

Nuclei
Nuclei
added 12 hours ago106 views

D-Link - Unauthenticated Remote Code Execution

OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...

10CVSS7.4AI score0.96682EPSS
Exploits1References5
Nuclei
Nuclei
added 12 hours ago15 views

D-Link DIR-803 - Authentication Bypass

An authentication bypass vulnerability exists in D-Link DIR-803 routers firmware A1 1.04 and earlier. By manipulating the AUTHORIZEDGROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication. id:...

7.5CVSS6.2AI score0.03559EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago30 views

D-Link DIR-859 - Information Disclosure

A critical information disclosure vulnerability exists in D-Link devices where sensitive device account information including credentials can be retrieved by sending an unauthenticated request to /getcfg.php endpoint with the parameter SERVICES=DEVICE.ACCOUNT. This could allow attackers to obtain...

9.8CVSS6.8AI score0.32261EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago87 views

D-Link DSL 2888a - Authentication Bypass/Remote Command Execution

D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. id: CVE-2020-24579 info: name: D-Li...

8.8CVSS7.1AI score0.09997EPSS
Exploits1References5
Nuclei
Nuclei
added 12 hours ago66 views

D-Link DIR-610 Devices - Information Disclosure

D-Link DIR-610 devices allow information disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZEDGROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. id: CVE-2020-9376 info: name: D-Link DIR-610 Devices - Information Disclosure author:...

7.5CVSS7AI score0.16586EPSS
Exploits1References5
EUVD
EUVD
added 19 hours ago5 views

EUVD-2026-43609

An issue in D-Link DIR-1253 v.1.0.1.250923.142435 allows an attacker to escalate privileges via the etc/shadow component file...

9.8CVSS6.1AI score
Exploits0References4
NVD
NVD
added yesterday5 views

CVE-2026-52533

An issue in D-Link DIR-1253 v.1.0.1.250923.142435 allows an attacker to escalate privileges via the etc/shadow component file...

9.8CVSS
Exploits0References3
Nuclei
Nuclei
added yesterday68 views

D-Link DIR-615 - Unauthorized Access

D-Link DIR-615 devices with firmware 20.06 are susceptible to unauthorized access. An attacker can access the WAN configuration page wan.htm without authentication, which can lead to disclosure of WAN settings, data modification, and/or other unauthorized operations. id: CVE-2021-42627 info: name...

9.8CVSS7.1AI score0.6307EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday106 views

D-Link DNS-320 - Remote Code Execution

The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. id: CVE-2019-16057 info: name: D-Link DNS-320 - Remote Code Execution author: DhiyaneshDk severity: critical description: | The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerabl...

10CVSS7.1AI score0.8721EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday105 views

D-Link DIR-600M - Authentication Bypass

D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page. id: CVE-2019-13101 info: name: D-Link DIR-600M - Authentication...

9.8CVSS7AI score0.67091EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday55 views

D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure

A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. id: CVE-2024-3274 info: name: D-LINK...

5.3CVSS5.7AI score0.33484EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday55 views

D-Link Central WifiManager - Server-Side Request Forgery

D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an...

8.6CVSS6.8AI score0.44101EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday131 views

D-Link NAS - Command Injection via Group Parameter

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument group leads to os command injection. i...

9.8CVSS6.9AI score0.79135EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday69 views

D-Link Routers - Local File Inclusion

D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /...

7.5CVSS7.1AI score0.39268EPSS
Exploits8References5
Cvelist
Cvelist
added yesterday22 views

CVE-2026-52533

An issue in D-Link DIR-1253 v.1.0.1.250923.142435 allows an attacker to escalate privileges via the etc/shadow component file...

Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-52533

An issue in D-Link DIR-1253 v.1.0.1.250923.142435 allows an attacker to escalate privileges via the etc/shadow component file...

9.8CVSS6.1AI score
Exploits0References3
Nuclei
Nuclei
added 3 days ago213 views

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

10CVSS7.2AI score0.97836EPSS
Exploits1References5
Nuclei
Nuclei
added 3 days ago88 views

D-Link Central WiFi Manager CWM(100) - Remote Code Execution

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. id: CVE-2019-13372 info:...

9.8CVSS7.3AI score0.80682EPSS
Exploits4References4
Nuclei
Nuclei
added 3 days ago29 views

D-Link Network Attached Storage - Backdoor Account

A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user...

10CVSS6.9AI score0.98038EPSS
Exploits2References2
NVD
NVD
added 5 days ago6 views

CVE-2026-15270

A weakness has been identified in D-link DIR-823G 1.0.2B0520181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The...

7.7CVSS0.00368EPSS
Exploits0References6
Rows per page
Query Builder